Worms turn to top malware threat list

For the ninth month running, Sdbot.ftp has topped the list of the most prevalent global IT security threats, according to a newly published monitoring report.

The study, based on the malware most frequently detected by Panda Software's online antivirus during February, also noteed that there have been "a significant number" of detections of Netsky.P, one of the oldest examples of malware in the ranking.

The Windows metafile (WMF) exploit secured third place in the ranking, demonstrating that cyber criminals have been actively exploitating the vulnerability in the processing of WMF files. Meanwhile, Tearec.A remained in fourth place, after the commotion caused last month by its coded activation on the third of every month.

During February, Sdbot.ftp was responsible for 2.5 percent of all global infections. Then came the veteran Netsky.P (1.3 percent), followed by other more recent threats such as Metafile (1.24 percent), Tearec.A (0.95 percent), Sober.AH (0.85 percent) and Bagle.GS (0.84 percent). Finally, with less significant frequency rates, came Qhost.gen, Gaobot.gen; Alcan.A and Parite.B.

The rising trend of worms is of particular significance in this month's top ten, the report observed. "While in December, six out of ten of the threats most frequently detected by Panda ActiveScan were worms, this rose to seven in January and now, in February, composed eight out of ten threats detected," the study noted. "A clear example of the success of worms is Tearec.A (CME-24), also known as Kama Sutra, which spreads widely using social engineering techniques – in this case, the lure of e-mails with erotic content."

Panda Software said that social engineering is a primary factor behind the persistence of Sober.AH, a worm that caused an Orange Alert status at the end of November 2005, arriving in the guise of a warning from the FBI, among other deceptions.

Another code that was said to "stand out" was the Windows metafile, a code written to exploit a security hole in GDI32.DLL (used by programs such as Windows Picture and Fax Viewer), that infects the following Windows platforms: Windows 98, Millennium Edition (ME), 2000, XP and Server 2003.

"This confirms that malware creators are taking advantage of the latest vulnerabilities (in this case, one affecting processing of WMF files) in order to spread their creations," the study stated.